Cybercriminals are leveraging the Internet Message Access Protocol (IMAP) for password-spraying attacks to compromise cloud-based accounts, according to Proofpoint.
Justin Jett, Director of Audit and Compliance at Plixer:
“Password-spraying attacks are extremely dangerous because they often allow hackers to brute force attacks without being locked out or triggering an alert to the IT team. Two-factor authentication inherently can’t work with IMAP, and so it is automatically bypassed when authenticating. Additionally, IT teams should be sure they have network traffic analytics enabled across their network to spot credential misuse. Because password-spraying attacks don’t generate an alarm or lock out a user account, a hacker can continually attempt logging in until they succeed. Once they succeed, they may try to use the credentials they found for other purposes. Ideally, organizations using Office365 should disable IMAP, and other legacy protocols, completely for the domain. While this may mean fewer clients are supported, it means that accounts on the network will not be susceptible to these password-spraying attacks. For organizations with in-house email, if disabling IMAP isn’t possible, the connections to the server should be carefully monitored. If you notice a large number of connections from a similar source, you may have a password-spraying attack taking place. Network traffic analytics can give you the details you need to spot these and other attacks so your users and the business aren’t compromised.”
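The connection monitoring recommended in the comment above, as an added example that is not part of the original article: it flags source networks whose failed IMAP logins fan out across many accounts while staying below a per-account lockout count. The log format, the thresholds, the /24 and /64 grouping, and the names `detect_spray` and `source_key` are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Hypothetical key=value log format (an assumption, not a real mail server's format).
LINE_RE = re.compile(
    r"^\S+ imap-login result=(?P<result>OK|FAIL) user=(?P<user>\S+) rip=(?P<rip>\S+)$")

def source_key(ip):
    """Collapse an address to its network so similar sources are counted together."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

def detect_spray(log_text, min_users=5, max_fails_per_user=3):
    """Flag networks whose failures span many accounts but stay low per account."""
    fails = defaultdict(lambda: defaultdict(int))   # network -> user -> failure count
    successes = defaultdict(set)                    # network -> users that logged in
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                                # not an IMAP login line
        try:
            net = source_key(m["rip"])
        except ValueError:
            continue                                # unparseable source address
        if m["result"] == "FAIL":
            fails[net][m["user"].lower()] += 1
        else:
            successes[net].add(m["user"].lower())
    findings = {}
    for net, per_user in fails.items():
        # Many accounts, few tries each: the pattern that per-account lockout never sees.
        if len(per_user) >= min_users and max(per_user.values()) <= max_fails_per_user:
            findings[net] = {"users_tried": len(per_user),
                             "failures": sum(per_user.values()),
                             # a login that worked from a flagged source needs review
                             "succeeded": sorted(successes[net])}
    return findings

# Constructed sample: u0..u7 each fail once from hosts in 203.0.113.0/24, then u3
# logs in from that range; bob mistypes his own password four times from one host.
SAMPLE_LOG = "\n".join(
    [f"2019-03-14T09:00:{i:02d}Z imap-login result=FAIL user=u{i} rip=203.0.113.{10 + i % 3}"
     for i in range(8)]
    + ["2019-03-14T09:01:00Z imap-login result=OK user=u3 rip=203.0.113.11"]
    + [f"2019-03-14T09:02:{i:02d}Z imap-login result=FAIL user=bob rip=198.51.100.20"
       for i in range(4)])

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```

The single-user failures from 198.51.100.20 are left to ordinary lockout handling; only the fan-out across accounts is reported.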